wpa_supplicant: IBSS/RSN and node reboot

Jouni Malinen j at w1.fi
Mon Dec 19 18:05:38 EST 2011

On Mon, Dec 19, 2011 at 09:59:49PM +0100, Antonio Quartulli wrote:
> I'm trying to make IBSS/RSN work in various scenarios. 
> In particular I'm now
> focussing on the simple case of two nodes (say A and B) which get in sync and
> where one of them (say B) suddenly reboots. After this event B tries to
> renegotiate the key but, A (which didn't delete A's state since it hasn't
> received any IBSS_PEER_REMOVE) will drop its EAPOL packets due to wrong
> replay_counter..is there any way to workaround this issue? Actually, since A is
> never going to receive the IBSS_PEER_REMOVE (because A and B are again the same
> IBSS), A is not going to delete/reinitiate B's state machine.

The IEEE 802.11 standard provides a mechanism that could potentially be
used to recover from this (well, at least if PMF is not used). Station B
could send an Authentication frame here and that should make station A
drop the current PTKSA. While the rules on Key Replay Counter do not
strictly speaking discuss this IBSS use, I'd say it would be fine to
allow this to be used to initialize key replay counter to 0 (this is
described as being on "(re)association" which does not really happen in

A more strict way of interpreting the standard would point out that Key
Replay Counter does not get re-initialized back to zero until PSK is
changed (i.e., potentially never) and as such, the station had better
remember which counter value it has used in the past and never go back
to zero.

Jouni Malinen                                            PGP id EFC895FA
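The stuck state described in this thread, and the two ways out of it that the reply discusses (an Authentication frame making A drop the PTKSA and its replay state, or the rebooting node persisting its counter), as an added simulation. This is example code, not wpa_supplicant code: it models only the rule that an EAPOL-Key frame with a Key Replay Counter not larger than any already accepted from that peer is discarded, and the class and function names (Node, PeerState, run_scenario) are invented for the illustration. The Authentication-frame path is the one the reply says only works when PMF is not in use; the model does not represent PMF at all.

```python
"""Replay-counter handling in IBSS/RSN across a peer reboot (added example).

Not wpa_supplicant code. Models the IEEE 802.11 rule that an EAPOL-Key frame
is dropped when its Key Replay Counter is not larger than any value already
accepted from that peer, plus the two recovery options from the reply above:
an Authentication frame that drops the PTKSA, or the rebooting node keeping
its counter in non-volatile storage. All names here are invented.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PeerState:
    """What a node keeps about one IBSS peer: whether a PTK is installed and
    the highest Key Replay Counter accepted from it (None = nothing seen)."""
    ptk_installed: bool = False
    last_replay_counter: Optional[int] = None


class Node:
    """One IBSS node. Towards each peer it is both the sender of EAPOL-Key
    frames (tx_counter) and the receiver that enforces the replay rule."""

    def __init__(self, name: str, persist_counters: bool = False) -> None:
        self.name = name
        self.peers: Dict[str, PeerState] = {}
        self.tx_counter: Dict[str, int] = {}     # counter we send with, per peer
        self.persist_counters = persist_counters  # the "strict" interpretation
        self._saved: Dict[str, int] = {}          # stands in for NV storage

    # Sending side: next Key Replay Counter to put in a frame to `peer`.
    def next_eapol_key(self, peer: str) -> int:
        self.tx_counter[peer] = self.tx_counter.get(peer, 0) + 1
        if self.persist_counters:
            self._saved[peer] = self.tx_counter[peer]
        return self.tx_counter[peer]

    # Receiving side: True if the frame is accepted, False if dropped.
    def receive_eapol_key(self, peer: str, counter: int) -> bool:
        st = self.peers.setdefault(peer, PeerState())
        if st.last_replay_counter is not None and counter <= st.last_replay_counter:
            return False                 # stale or replayed: silently dropped
        st.last_replay_counter = counter
        st.ptk_installed = True          # rest of the handshake elided
        return True

    # Authentication frame from `peer`: drop the PTKSA and replay state so the
    # handshake can start over from counter 0 (only viable without PMF).
    def receive_auth_frame(self, peer: str) -> None:
        self.peers.pop(peer, None)

    # Reboot: volatile state is lost; persisted counters survive if enabled.
    def reboot(self) -> None:
        self.peers.clear()
        self.tx_counter = dict(self._saved) if self.persist_counters else {}


def run_scenario(send_auth_frame: bool, persist: bool) -> List[bool]:
    """A's accept/drop decisions for four EAPOL-Key frames from B: two before
    B reboots and two after. Without either remedy the last two are dropped."""
    a, b = Node("A"), Node("B", persist_counters=persist)
    results = [a.receive_eapol_key("B", b.next_eapol_key("A")) for _ in range(2)]
    b.reboot()
    if send_auth_frame:
        a.receive_auth_frame("B")        # B announces itself afresh
    results += [a.receive_eapol_key("B", b.next_eapol_key("A")) for _ in range(2)]
    return results


if __name__ == "__main__":
    print("no remedy:          ", run_scenario(False, False))
    print("auth frame resets A:", run_scenario(True, False))
    print("B persists counter: ", run_scenario(False, True))
```

The first call reproduces the failure from the thread: B restarts its counter at 1 while A still holds 2 for that peer, so A drops everything B sends. The second shows the Authentication-frame path, where A forgets the PTKSA and accepts B's counter from 0 again; the third shows the stricter reading, where B resumes at 3 and no state on A needs to change.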
